Method and system for monitoring and testing a communication network

ABSTRACT

A protocol analysis access system (“PAAS”) and a restricted access method for remotely monitoring and testing embedded channels in a signal communicated over a telecommunications network. The PAAS system is capable of accessing a signal from a network circuit through digital cross-connect systems (“DCSs”) or through direct connections. In case of restricted network access, the PAAS performs non-intrusive monitor-only function on the signal without interfering with or interrupting the data flow over the network circuit. In addition, the PAAS system is capable of performing non-intrusive conformance testing on a signal using a protocol analyzer. In case of non-restricted network access, the PAAS system allows full performance testing on a signal. The PAAS system functions are executed by an external command source from a remote network maintenance center via remote control links. The monitor-only and test results are reported back to the remote network maintenance center for further analysis.

RELATED APPLICATIONS

This application is a continuation of, and hereby claims priority to andincorporates by reference in its entirety, U.S. patent application Ser.No. 08/721,184 entitled “FIREWALL PERFORMANCE MONITORING AND LIMITEDACCESS SYSTEM”, which was filed on Sep. 27, 1996 now U.S. Pat. No.6,519,723.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to telephone networks, and moreparticularly to a system and method for accessing, monitoring andtesting a telephone network.

2. Description of the Related Technology

For some time, public switched telephone networks (PSTN) have utilizedtime division multiplexing (TDM) transmission systems to communicateboth voice and data signals over a digital communications link. Forexample, digital signal level 1 (DS1), and more recently digital signallevel 3 (DS3), data paths have long been used to carry both voice anddata signals over a single transmission facility. DS1 data paths carryDS1 signals which are transmitted at a transmission rate of 1.544 Mbps,and DS3 data paths carry DS3 signals which are transmitted at atransmission rate of 44.736 Mbps. Consequently, both DS1 and DS3 datapaths offer the advantage of considerably reducing the number of linesrequired to carry information that otherwise would be required withouttime division multiplexing the digital voice and data signals.

Nowadays, there are several regional Bell operating companies andindependent telephone companies which provide local telephone servicewithin numerous local access transport areas (LATA). These companies areforced to rely on interexchange carriers such as AT&T, MCI and Sprintfor transmission of calls from one LATA to another. As a result, a longdistance call or transmission from one end-user to another involves manylevels of multiplexing and many transport carrier handoffs. Theresponsibility for quality and performance of the telephone circuit isthus split between local telephone companies and interexchange carriers.

Telephone companies often need an economical way to access circuits fortesting and protocol analysis. Typically, each telephone companydispatches multiple repair crews with portable test equipment to anumber of locations. The locations include the network boundary betweenthe long distance and the local telephone company, the telephonebuilding nearest the end-user, and to outside facilities such as thecables and equipment beneath streets and on poles between the centraloffices and the end-user customer. This method of maintenance results insignificant inefficiencies. Hence, solutions which do not requiredispatching repair crews with portable test equipment when problemsoccur were created. Today, telephone companies equipped with advancedsystems can monitor circuits remotely from a network management center.However, with the split in responsibility among telephone companiescomes significant difficulties in maintaining network circuits,troubleshooting and isolating transmission faults over their data paths:logical faults (which are protocol dependent) and physical faults (whichare circuit dependent). Moreover, and perhaps more importantly, withdata services and voice services sharing common networks, anorganization maintaining a network common with another organizationcould easily access, interfere or disrupt circuit communications for theother organization.

Most network elements incorporate some form of monitoring, test, andcontrol of the data that they process. However, none of these optionssupports the monitor-only function or restricted access (firewall)feature of the present invention. The U.S. Pat. No. 5,375,126 toHekimian Laboratories, Inc., apparently describes a system whichprovides physical and protocol testing of digital data system (DDS). TheHekimian system, however, does not offer the firewall functionality ofrestricting or preventing a technician from accessing or interruptingunauthorized network circuits or other organization's equipment.

Thus, a restricted access method that provides continuous performancemonitor-only of DS3 embedded channels and technician access restrictedto authorized equipment are desired. It is desired to have a systemwhich provides comprehensive, full-time performance monitoring-only ofDS3 embedded channels (i.e. DS1, DS0 and subrate channels) through adigital cross-connect system (DCS) or directly connected circuits. It isfurther desired to provide a system having restricted circuit access(firewall feature) by data network technicians to ensure that a networkorganization accesses only its own equipment or authorized facilities.With the restricted access feature, other organizations will no longerhave to be concerned about unauthorized access to their circuits norabout interference or interruption caused by unauthorized access by datanetwork technicians. In addition, it is also desired to provide testingof DS1, DS0 and subrate circuits, along with an extensive suite of testcapabilities for HiCap, DDS and VF services only for authorized or corenetwork technicians.

SUMMARY OF THE INVENTION

The present invention provides a protocol analysis access system (PAAS)and a restricted access method to allow telephone companies to monitorand test their communication networks without accessing or interferingwith other restricted-access networks. From a telephone company'snetwork maintenance center, a data network technician can remotelymonitor and test a network via an X.25 or Ethernet remote control link.By executing specific and a limited number of transaction language 1(TL1) commands at the network maintenance center, the technician canperform non-intrusive and real-time access, monitor-only and testing ofDS0 and DS1 signals. In addition, by allowing a technician to executespecific commands only, the technician is prevented from testingunauthorized equipment network, i.e. those networks with accessrestricted to “core” network technicians.

In one aspect of the present invention, in a telephone network, a signalaccess system is provided comprising an analyzer capable of performingtesting on a service layer, an interface device connected to theanalyzer, wherein the interface device is capable of receiving a signaland performing non-intrusive monitor-only function on the signal, and anexternal command source providing commands to the interface device,wherein the commands include a monitor-only request.

Furthermore, in another aspect of the present invention, a signal accesssystem is provided which is capable of restricting access to a signal ofa selected circuit comprising an analyzer capable of performing testingon a service layer, an interface device connected to the analyzer, andan external command source providing commands to the interface device,wherein the commands include a test access request.

There are multiple configurations for the system of the presentinvention. In a first configuration as presently embodied, a techniciantransmits TL1 commands to a Test System Controller/Remote Test Unit(TSC/RTU) installed at a remote location to allow monitor and testaccess to a network through a digital cross-connect system (DCS). In asecond configuration, a technician transmits TL1 commands to anIntegrated Test Access Unit (ITAU) installed at a remote location toallow monitor and test access to a network directly. In bothconfigurations, the technician has monitor and test access to a widebandsignal using a Facility Access Digroup (FAD) port, and a narrowbandsignal using a Test Access Digroup (TAD) port. Furthermore, in order toperform service layer testing for a network circuit, a T1 based protocolanalyzer is connected to the TSC/RTU (in case of DCS connection) or tothe ITAU (in case of direct connection) through a FAD port for widebandsignal test access or a TAD port for narrowband signal test access. TheITAU or TSC/RTU performs non-intrusive testing (through monitor-only) onthe signal and, when the testing is complete, the signal is passed on orreleased to the protocol analyzer. Subsequently, at the networkmaintenance center, a technician executes special commands using anexternal command source (ECS) and remotely controls the protocolanalyzer via a separate control link to perform service layerconformance testing of the signal protocol implementation. When the testaccess is completed, the technician clears the test and instructs theITAU or the TSC/RTU to release the port.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of the North American digital hierarchy used in atelephone network accessed by the present invention.

FIG. 2 is a block diagram of an exemplary protocol analysis accesssystem (PAAS) of the present invention configured with a digitalcross-connect system (DCS).

FIG. 3 is a block diagram of an exemplary protocol analysis accesssystem (PAAS) of the present invention configured with an integratedtest access unit (ITAU).

FIG. 4 is a functional block diagram of an exemplary interface device,the test system controller/remote test unit (TSC/RTU) system, shown inFIG. 2.

FIG. 5 is an operational flowchart of the access and monitor/testconnection command processing method of the present invention.

FIG. 6 is an operational flowchart of the access altering commandprocessing method of the present invention.

FIG. 7 is a functional block diagram of an exemplary interface device,the integrated test access unit (ITAU), shown in FIG. 3.

FIG. 8 is a system block diagram of the ITAU system shown in FIG. 7.

FIG. 9 is a diagram of the application of the non-intrusive monitor-onlyfunction by the protocol analysis access system (PAAS).

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference is now made to the drawings wherein like numerals refer tolike parts throughout this application.

For convenience, the following description will be outlined into fivemain sections: (I) System Overview; (II) Interface Device; (III)Analyzer Set; (IV) External Command Source; and (V) Method of Operation.

I. System Overview

In FIG. 1, an analog signal (bandwidth<4 Khz) or voice frequency (VF)102 is digitally encoded. A plurality of these signals can then becombined with digital data signals and multiplexed into one digitalsignal level 1 (DS1) 104. A signal at the DS1 level is formed by thetime-division multiplexing (TDM) of 24 voiceband signals. Pulse-codemodulation (PCM) converts these analog signals to digital. The DS1signal has 24 channels each having a data transmission rate of 64 kbps.A framing bit is used to identify each group of 24 channels. The DS1signal has a rate of 1.544 Megabits per second (Mbps). This signal formsthe basic building block of the North American digital time-divisionmultiplexing hierarchy. Up to 28 DS1 signals 104 are multiplexed to forma DS3 signal 108 which operates at a transmission rate of 44.637 Mbps.Like the DS1 signal 104, the DS3 signal 108 is a digital bipolar signalstructured into frames.

In one aspect of the present invention, the protocol analysis accesssystem (PAAS) operates in at least one of two main configurations. Asshown in FIG. 2, in one configuration of the present invention, the PAASsystem 150, comprises an interface device 170′, an analyzer 110, and anexternal command source (ECS) 112. In this configuration, an exemplaryinterface device 170′ is a test system controller/remote test unit(TSC/RTU). The TSC/RTU 170′ receives control commands from the ECS 112via a remote control link 116. The remote control link 116 is preferablyan X.25 or Ethernet control link.

In a typical configuration, there may be multiple digital cross-connectsystems (DCSs) 118 connected to the same TSC/RTU 170′ system. TheTSC/RTU 170′ system provides monitor-only access on those circuits ofrestricted networks through a DCS 118. The TSC/RTU system provides fulltest access on a network circuit through a DCS 118 where full testaccess is authorized. The restriction status determination of the signalof a selected network circuit may be accomplished using one, or acombination, of several embodiments. In one embodiment, the TSC/RTU 170′may determine whether access, monitor-only, or full test may beperformed on the signal of the selected circuit. In a second embodiment,the DCS 118 may determine whether access, monitor-only, or full test maybe performed on the signal of the selected circuit. The TSC/RTU, or theDCS, reaches its determination by preferably referring to an internalnetwork element database wherein the requested access point restrictionstatus is derived from a pre-programmed characteristics list in thedatabase. In a third embodiment, a user-identification, privilege code,or password may be used to classify a technician's access ability toperform access, monitor-only or full test on the signal of the selectedcircuit. In a fourth embodiment, the status of the selected circuit maybe used to determine whether to perform access, monitor-only or fulltest on the signal of the selected circuit. In this embodiment, theTSC/RTU 170′, DCS 118, or other equipment, preferably accomplishes thisdetermination by analyzing circuit header information retrieved from theselected circuit. The choice among one or several of these embodimentswill often depend on the system configuration and the telecommunicationscompany's network maintenance requirements.

The TSC/RTU 170′ connects to one or more of the T1 connections 135 or189 on the DCS 118 to access the network circuit 108. A narrowbandsignal on a T1 connection 189 is called a Test Access Digroup (TAD) 110.A wideband signal on a T1 connection 135 is called a Facility AccessDigroup (FAD). When testing is performed on a network circuit, the DCS118 cross-connects a test channel to the TAD 189 or FAD 135. For DS1access, a test access path (TAP) 137 consists of two digroups that arenormally referred to as a FAD. In addition, the TSC/RTU 170′ systemcommunicates with and controls the DCS 118 using TL1 and/or programdocumentation system (PDS-Snyder) commands via an X.25, Ethernet, framerelay circuit, asynchronous RS-232 interface, or an ATM control link138/138′.

As shown in FIG. 3, in another configuration, an exemplary interfacedevice is an integrated test access unit (ITAU) 170. The ITAU 170receives control commands from the ECS 112 via a remote control link117. The remote control link 117 is preferably an X.25 or Ethernetcontrol link. The ITAU 170 device provides test access to a networkcircuit 108 through direct connections 134 or 188 on the networkcircuit. Similar access, monitoring-only and testing provided by theTSC/RTU 170′ is also provided using the ITAU 170. Moreover, when usingthe ITAU 170, the PAAS system can perform restriction determinationssimilar to those discussed above with respect to the TSC/RTU 170′,excluding the DCS determinations. In addition, real-time performancemonitoring is collected on all circuits connected in-line with the ITAU170.

Monitor-only Function

As shown in FIG. 9, a network circuit 103 under test is monitored inboth directions (bi-directional) via test access paths (TAPs) 137.Monitor access provides a hitless monitor connection onto the channelunder test or DS1 facility. The channel transmission continues normallyduring monitoring, with the test access connection transparent to thechannel. The monitor access function does not affect the channels anddigroups not selected for access. A monitor access connection does notinterfere with or disrupt the digital signal passing over the DS1facility. The monitored signal from the channel under test is placedthrough a TAP onto a TAD or FAD so that it may be received by theinterface device 170/170′.

For DS1 access, monitoring may be used to measure, without splitting thedata flow in the circuit, a test signal at an intermediate location 105while testing is underway between other points on the circuit. Monitoraccess of the DS1 facility is conceptually similar to DS0 access, but itis physically different because separate digroups are used and the DS1signal of only one side of the circuit access is brought to the testsystem for observation. This monitor-only function allows a technicianto determine the status of a circuit without disturbing or interruptingthe data flow through the circuit. More particularly, the performance ofa circuit is checked without causing bit errors on the accessed DS1signal, i.e., non-intrusively.

Referring again to FIGS. 2 and 3, the control link 116/117 is a datapath between the ECS 112 and the Interface Device 170/170′ that carriescommands from the ECS 112 and responses from the Interface Device170/170′. Alarm and status information may also be carried by thecontrol link 116/117.

When service layer testing is desired, a T1 based protocol analyzer 110is connected to the TSC/RTU 172 or ITAU 170 through a DS1 TAD or DS1/DS3FAD port 135. The TSC/RTU 170′ or ITAU 170 performs non-intrusivephysical layer testing on a desired circuit. When the physical layertesting is completed, the TSC/RTU 170′ or ITAU 170 passes the circuit tothe protocol analyzer 110 for further detailed testing and protocolconformance analysis. At the network maintenance center 100, atechnician can use a remote computer 112 to control the protocolanalyzer via a separate X.25 or Ethernet control link 114. Thetechnician can command the protocol analyzer 110 to perform servicelayer conformance and other detailed testing including full andfractional T1 testing of logical errors, frame errors, CRC errors,packet densities, addresses, header information, slips, PRM, troublescan, timeslot monitor and DDS code display. When the test access is nolonger required, the technician can clear the test from the ECS 112 andthe TSC/RTU 170′ instructs the DCS 118 to release the port 135 or 189.

II. Interface Device

The kind of interface device used in this invention depends on thedesired access application. If access to a network circuit through adigital cross-connect system (DCS) 118 is desired, an exemplaryinterface device is a test system controller/remote test unit (TSC/RTU)170′. For this configuration, an interface device which meets or exceedsthe TSC/RTU 170′ specifications is the Centralized Test System (“CTS”)manufactured by Applied Digital Access, Inc., the assignee of thepresent invention. If direct access to a network circuit is desired, anexemplary interface device is an integrated test access unit (ITAU) 170.For this configuration, an interface device which may meet or exceed theITAU 170 specifications is the T3AS system manufactured by AppliedDigital Access, Inc., the assignee of the present invention.

A. Access Through a Digital Cross-Connect System (DCS)

As shown in FIG. 2, the TSC/RTU 170′ provides test access to DS0 and DS1circuits that are transported over telephone networks throughsynchronous or asynchronous interfaces on digital cross-connect systems(DCSs) 118. The TSC/RTU 170′ system access as any circuit up to DS1signal level through DS1 test access digroup (TAD) ports 189 onnarrowband DCSs 118, and DS1 or DS3 facility access digroup (FAD) ports135. More particularly, the TSC/RTU 170′ interfaces to a 1/0cross-connect through the DS1 TAD port 189, to a 3/1 cross-connectthrough the DS1 or DS3 FAD port 135 to access any individual circuit upto a DS1 signal level. The TSC/RTU 170′ is a highly integratedapplication which permits both DS0 and DS1 test access within a singleDS1 access unit.

In this configuration, the TSC/RTU 170′ platform is configured toprovide access to narrowband and wideband circuits that are provisionedfor advanced data services such as frame relay, switched Megabit datasystem (SMDS) or asynchronous transfer mode (ATM). In thisconfiguration, the TSC/RTU 170′ provides circuit testing and connectscircuits to a protocol analyzer 110 for more detailed troubleshooting,e.g. conformance testing. With the ECS 112, the TSC/RTU 170′ provides acost-effective method to access circuits from a centralized networkmaintenance center 100.

The TSC/RTU 170′ accesses channels embedded in a DS1 and DS3 circuitsthrough DCS systems 118. When a technician initiates a command using theECS 112 to access or monitor a specific DS0 or DS1 circuit, the TSC/RTU170′ configures the test access request via a control link 138 to theDCS 118. Subsequently, the DCS 118 gives the TSC/RTU 170′ monitor-onlyaccess on the TAD 135 or FAD 189 ports. The TSC/RTU 170′ performs acomplete suite of tests on VF, DDS, and HCDS service to a DCS 118. TheTSC/RTU 170′ tests the desired circuits, and instructs the DCS 118 torelease the test port 135/189. The results are then reported or sent tothe ECS 112 for the technician's analysis. Details on the reported testresults or monitoring parameters are discussed in the External CommandSource section IV of this application.

As shown in FIG. 4, the TSC/RTU 170′ comprises a test resource shelf andan administration shelf. The TSC/RTU 170′ system further comprises areal-time operating system and an extensive suite of applicationssoftware that is executed in response to commands received from the ECS112 on distributed processing hardware. The operating system implementsthe distributed processing functionality of the TSC/RTU 170′ by linkingmore than 350 dedicated microprocessors in a real-time computingenvironment. TSC/RTU 170′ software architecture is designed to enableadditional system features and capabilities to be installed easilythrough field software upgrades. DS3 and DS1 circuits may be transferredfrom the online main path to the redundant standby path withoutdisruption of the embedded data streams. Hitless access is provided byaccessing a low-speed circuit (e.g., DS0) embedded in a high-speedcircuit (e.g., DS1) without affecting any other circuit embedded in thehigh-speed circuit. The TSC/RTU 170′ provides access to the DS3 circuit,any embedded DS1 circuit, DS0 circuit, or the subrate circuit, withoutaffecting any other circuit within the DS3 circuit. The TSC/RTU 170′ maybe collocated with or remotely located to the DCS 118.

Administration Shelf

As shown in FIG. 4, the Administration Shelf 200 contains the centralcomputing elements and memory storage resources. This shelf alsoprovides resources for intershelf communication and communication withsupport and management centers or personnel. Internal communication isin multiple serial communication protocols “Electronic IndustriesAssociation (EIA) 232” and “EIA 423”. External interface languageformats include TL1, PDS and MML. The Administration Shelf 200 is thesource of system generated office alarms including audible, visual, andtelemetry, as well as displays. The Administration Shelf 200 containsfour hardware modules as described below.

The Administration Processor module 190 is the central systemcontroller. It provides inter-shelf communication via the HDLC link 192and communication with external interfaces through the CommunicationProcessor module 194 described below. It uses serial interfaces forinternal system control: a Small Computer System Interface (SCSI)interface 208 for control of peripherals such as the hard disk drive(not shown), and a VersaModule Eurocard (VME) data bus interface 210 tocommunicate with other VME standard modules. The SCSI interface 208connects the Administration Processor module 190 to a PeripheralSubsystem 212, and the VME interface connects the module 190 to theCommunication Processor module 194 and an Office Alarm Interface Module214.

The Peripheral Subsystem 212 has a 1.44 megabyte floppy disk drive, a105 megabyte hard disk drive, a 60 megabyte optional tape drive, and aPeripheral Module, none of which are shown on FIG. 4. These componentsstore surveillance data and record user activity.

The Communication Processor module 194 provides the communicationinterface 196 to external Operations System (OS) or test system controlcenters (not shown). Interfaces are via TL1 or PDS. The electricalprotocols are serial “EIA 232” or “EIA 423”. Craft interface is MML witha user friendly overlay. Other communication 196′ external to the systemis done with TL1 and PDS using serial interface electrical protocolsbased on Consultative Committee for International Telephony andTelegraphy (CCITT) standard X.25.

The Office Alarm Interface Module 214 generates audible 216 a, visual216 b, and telemetry 216 c alarms for critical, major, and minor officealarms. It also receives and converts a DS1 based Building IntegratedTiming Source (BITS) clock (not shown), providing clock and frame forinternal synchronization. The BITS clock is a clock reference for anentire Central Office.

Test Resource Shelf

The Test Resource Shelf 204 supports test resource functionality forDS1, and a full range of DS0 and sub-DS0 testing. The TAD/FAD 188′ portalso provide interfaces for testing DS1s and DS0s via a DS1 access. TheTest Resource Shelf 204 contains four modules as described below.

A DS1 Interface module 238 provides an ITAU System network interface atthe DS1 rate that can be configured either as a TAD or FAD port. As aTAD interface 188, the DS1 Interface module 238 demultiplexes anincoming DS1 channel and extracts selected DS0 circuits for testing.Configured as a FAD interface 188′, this module 238 receives, transmits,and loops the intact DS1 facility. Performance monitoring and testaccess supervision are also provided for HCDS testing of DS1s input viathe FAD. The DS1 Interface module 238 connects to the DS1 Access andTest modules 184 and 184′, the DS0 Access and Test module 186, and theShelf Monitor module 232′.

The DS1 Access/Test module 184′ provides HCDS testing to the embeddedDS1s. This module supports simultaneous HCDS testing of two DS1channels. The DS0 Access/Test module 186 incorporates digital signalprocessing (DSP) for DDS and VF testing of DS0 and subrate channelsembedded in a DS3 or DS1 bit stream. Each module supports up to sixsimultaneous tests.

The Shelf Monitor module 232′ serves as the intra-shelf communicationinterface. It provides retiming, buffering, and differential to singleended conversions of data and control lines.

B. Direct Test Access

FIG. 7 is a functional block diagram illustrating the architecture ofthe ITAU System 170. The ITAU System 170 of the present inventionconnects in-line to as many as 48 bi-directional DS3 signals or 96one-way DS3 signals, such as, for example, the DS3 signal fed across theline 134, to provide: continuous non-intrusive performance monitoring ofDS3 and embedded DS1 channels; non-intrusive performance monitoring ofDS0 and embedded channels, on demand; hitless access to multiplexed DS1,DS0 and subrate channels; intrusive or non-intrusive testing of DS1, DS0and subrate channels; and an OS interface for reporting and control.

In general, the performance monitoring function stores notable eventsand calculates statistics such as error rates. Among others, theparameters and events monitored at the DS3 level by the ITAU System 170include: frame format, bipolar violations (BPV) and loss of signal(LOS). DS3 level statistics, including, for example, frame formatstatus, F bit error count and frame parity error count, are stored andreported to the OS. Similarly, DS1 level performance monitoring andstatistics, and TAD/FAD performance monitoring are stored in memory bythe system 170.

The ITAU System 170 also provides hitless monitor or split access to allDS1, DS0 and subrate channels in support of pre-service testing,verification or sectionalization of faults, and verification of repairs.A monitor access permits the system 170 to “listen” to the accessedchannel as it passes through the system undisturbed. Establishing ortearing down a monitor access does not cause disruption to the channelor to other components of the bit stream. A split access breaks thenormal through path of the channel and the received data from eachdirection has data inserted into the outgoing transmit channels.

Lastly, the ITAU System 170 provides non-intrusive test capabilities forextracting DS1, DS0 and subrate channels from received DS3 and DS1 bitstreams without affecting the transmission of the same informationthrough the system. Intrusive testing allows the writing of informationinto outgoing DS1, DS0 and subrate channels embedded in the DS3 bitstream. For example, intrusive tests include HCDS and DDSreconfiguration commands, looping commands, test patterns and voicefrequency test tones, and complex waveforms such as those required forP/AR tests.

Again referring to FIG. 7, the DS3 signal received on the line 134 isfed through a receiver or regenerator 172, which outputs a DS3 signalhaving the same digital information, then through a combiner 174, andthrough a transmitter or regenerator 176. A primary path relay 178,shown to be closed, allows the DS3 signal to be output from this primarypath across the output line 134′. Simultaneously, the incoming DS3signal is fed through two regenerators 172′, 176′, but a second relay,termed the protect path relay 1784′ is open thus preventing this protectpath from feeding its DS3 signal to the output line 134′. The relays178, 178′ are operated cooperatively, as will be further discussedbelow, to apply the signal from only one of the two paths to the outputline 134′ thus providing fail-safe transmission of the DS3 signalthrough the ITAU System 170.

The performance monitoring functions of the ITAU System, as discussedhereinabove, are conducted in the functional block indicated in FIG. 4at 180, which receives the DS3 signal from the primary path. Access andtest functions are accomplished by feeding the DS3 signal from theprimary path to a DS1/DS0 router 182 which selectively routes embeddedchannel data to one or more DS1 test resources 184 or DS0 test resources186. Since DS1 and DS0 test systems are well-known, the function of thetest resources 184, 186 will not be further discussed herein. A TAD/FADinterface line 188 for carrying a DS1 signal also connects to the router182 so that the ITAU System 170 can be used as a remote test unit or asa local test unit for bit streams demultiplexed from incoming DS3signals with external test equipment. Note that tests requiring bitoverwrite communicate data via the router 182 to the combiner 174 wherebits are selectively overwritten in the DS3 signal.

Performance monitoring, access and test are controlled by a systemcontroller 190 via a High Level Data Link Control (HDLC) bus or link 192connected to the performance monitor 180, DS1/DS0 router 182 and the DS1and DS0 test resources 184, 186. The system controller 190 alsocommunicates with a user interface subsystem 194 that providescommunication to an OS (not shown) across a line 196 for control fromremote locations. The user interface decodes messages sent inTransaction Language 1 (TL1), generally used by modern mechanizedsystems, or Program Documentation System (PDS) formats. Man-MachineLanguage (MML) is used to interface with craft technicians. Thus, alocal telephone company, e.g., Bell South, or interexchange carrier,e.g., MCI, can gain immediate access to the DS3 and embedded channels byusing the ITAU System 170 of the present invention.

FIG. 8 is a system block diagram of the ITAU System 170. The ITAU System170 integrates monitor, access, and test functions into one systemhaving three shelves of hardware. A fully configured ITAU System 170supporting 48 DS3s would be housed in two equipment bays, each baysupporting 5 shelves; one Administration Shelf 200, eight High SpeedInterface Shelves 202, and one Test Resource Shelf 204. The ITAU System170 is designed for operation in a central office environment.

The ITAU System 170 is modular in design, supporting the network as itexpands and enabling easy integration of hardware and softwarecapabilities. Each hardware module contains a processor complex, whichwill be described hereinbelow, that provides data collection, control,and communication to the central administration processor 190. Design ofthe ITAU System 170 was based on the philosophy that the addition of anetwork maintenance element should not degrade network reliability. Toachieve this goal, the ITAU System 170 carefully monitors its circuitryand software functionality. The ITAU System 170 is protected byredundancy to an extent that causes the system to substantially exceedindustry goals for network reliability. In order to further enhance ITAUSystem 170 reliability, each DS3 path is protected by a bypass repeaterproviding a one-to-one redundancy, which is automatically switched intoservice if the normal path through the ITAU System 170 should fail topass any of several stringent internal diagnostic tests.

Administration Shelf

As shown in FIG. 8, the Administration Shelf 200 contains the centralcomputing elements and memory storage resources. This shelf alsoprovides resources for intershelf communication and communication withsupport and management centers or personnel. Internal communication isin multiple serial communication protocols “Electronic IndustriesAssociation (EIA) 232” and “EIA 423”. External interface languageformats include TL1, PDS and MML. The Administration Shelf 200 is thesource of system generated office alarms including audible, visual, andtelemetry, as well as displays. The Administration Shelf 200 containsfour hardware modules as described below.

The Administration Processor module 190 is the central systemcontroller. It provides inter-shelf communication via the HDLC link 192and communication with external interfaces through the CommunicationProcessor module 194 described below. It uses serial interfaces forinternal system control: a Small Computer System Interface (SCSI)interface 208 for control of peripherals such as the hard disk drive(not shown), and a VersaModule Eurocard (VME) data bus interface 210 tocommunicate with other VME standard modules. The SCSI interface 208connects the Administration Processor module 190 to a PeripheralSubsystem 212, and the VME interface connects module 190 to theCommunication Processor module 194 and a Office Alarm Interface Module214.

The Peripheral Subsystem 212 has a 1.44 megabyte floppy disk drive, a105 megabyte hard disk drive, a 60 megabyte optional tape drive, and aPeripheral Module, none of which are shown on FIG. 8. These componentsstore surveillance data and record user activity.

The Communication Processor module 194 provides the communicationinterface 196 to external Operations System (OS) or test system controlcenters (not shown). Interfaces are via TL1 or PDS. The electricalprotocols are serial “EIA 232” or “EIA 423”. Craft interface is MML witha user friendly overlay. Other communication 196′ external to the systemis done with TL1 and PDS using serial interface electrical protocolsbased on Consultative Committee for International Telephony andTelegraphy (CCITT) standard X.25.

The Office Alarm Interface Module 214 generates audible 216 a, visual216 b, and telemetry 216 c alarms for critical, major, and minor officealarms. It also receives and converts a DS1 based Building IntegratedTiming Source (BITS) clock (not shown), providing clock and frame forinternal synchronization. The BITS clock is a clock reference for anentire Central Office.

High Speed Interface Shelf

Each High Speed Interface Shelf 202 supports the capability to interfaceup to six bi-directional DS3 signal lines 134. Up to eight shelves canbe provisioned to support a total of 48 DS3s per system. Each DS3 path134 is supplied with one-for-one protection. Continuous performancemonitoring at the DS3 rate of DS3 and DS1 parameters, hitless access toDS1 and all embedded DS0 channels, and drop and insert of DS1 and DS0channels into a DS3 bit stream are provided. HCDS testing capability isprovided for the proprietary formatted DS1 data that is available.Formatted DS0 data can be transported via a PCM Highway 220 to the TestResource Shelf 204 for testing. The High Speed Interface Shelf 202contains four hardware modules as described below.

A set of DS3 Interface modules (two modules are shown in FIG. 8) 171 and171′ interface the digital DS3 bit stream 134 and provide resources todemultiplex the DS3 into component DS1, DS0, and subrate channels. TheDS3 Interface modules 171 and 171′ connect to a Shelf Monitor module 232and a DS3 Monitor module 224 via the PCM Highway 220. The DS3 Interfacemodules support DS3 regeneration circuity with drop and insertcapability at DS1, DS0 and subrate digital levels. Full framing andcontinuous performance monitoring information is collected and reportedat DS3 and DS1 levels. The module 171 contains DS3 protection andregeneration circuitry, providing one-for-one next-card protection forthe DS3 bit stream on the adjacent module 171′.

The Shelf Monitor module 232 interconnects the DS3 Interface modules 171and 171′, the DS3 Monitor module 224 and the DS1 Access and Test module184 using the HDLC link 192. The Shelf Monitor module 232 serves as theintra-shelf communication interface via the HDLC link 192 to theAdministration Processor 190. The module 232 also connects to a ShelfMonitor module 232′ on the Test Resource Shelf 204 via the PCM Highway220. The Shelf Monitor module 232 provides retiming, buffering, anddifferential to single ended conversions of data and control lines.

The DS3 Monitor module 224 connects to the DS3 Interface modules 171 and171′ via Monitor bus 226 and 226′, respectively. The DS3 Monitor module224 performs fault management on the DS3 Interface modules 171 and 171′by doing a bit for bit compare. Error conditions are reported using theHDLC link 192. The DS1 Access/Test module 184 connects to the DS3interface modules 171 and 171′ via a Pseudo DS2 (PDS2) Bus 230. Themodule 184 also connects to the DS3 Monitor 224 via the PDS2 Bus 230(link not shown). The DS1 Access/Test module 184 provides HCDS testingto the embedded DS1s. This module supports simultaneous HCDS testing oftwo DS1 channels. DS1 channels can be routed to the Test Resource Shelf204 for testing via a Pseudo DS1 (PDS1) bus 234. There is one DS1Access/Test module per High Speed Interface Shelf 202.

Test Resource Shelf

The Test Resource Shelf 204 supports test resource functionality forDS1, and a full range of DS0 and sub-DS0 testing. The TAD/FAD 188′ portsalso provide interfaces for testing DS1s and DS0s via a DS1 access. TheTest Resource Shelf 204 contains four modules as described below.

A DS1 Interface module 238 provides an ITAU System network interface atthe DS1 rate that can be configured either as a TAD or FAD port. As aTAD interface 188, the DS1 Interface module 238 demultiplexes anincoming DS1 channel and extracts selected DS0 circuits for testing.Configured as a FAD interface 188′, this module 238 receives, transmits,and loops the intact DS1 facility. Performance monitoring and testaccess supervision are also provided for HCDS testing of DS1s input viathe FAD. The DS1 Interface module 238 connects to the DS1 Access andTest modules 184 and 184′, the DS0 Access and Test module 186, and theShelf Monitor module 232′.

The DS1 Access/Test module 184′ provides HCDS testing to the embeddedDS1s. This module supports simultaneous HCDS testing of two DS1channels. The DS0 Access/Test module 186 incorporates digital signalprocessing (DSP) for DDS and VF testing of DS0 and subrate channelsembedded in a DS3 or DS1 bit stream. Each module supports up to sixsimultaneous tests.

The Shelf Monitor module 232′ serves as the intra-shelf communicationinterface. It provides retiming, buffering, and differential to singleended conversions of data and control lines.

In summary, the PAAS system allows telephone companies tonon-intrusively monitor-only individual circuits of restricted networksreported as problematic within seconds instead of hours. The continuousmonitoring capability of the PAAS system allows telephone companies todetect circuit degradation before receiving customer complaints, and toinitiate maintenance actions to restore the circuit to fullfunctionality without affecting other users. The ability of the PAASsystem to communicate with the DCS 118 offers command languagetranslation between the DCS 118 and other facilities.

III. Analyzer Set

As shown in FIGS. 2 and 3, but with particular reference to FIG. 2, thepreferable protocol set is a protocol analyzer 110. The protocolanalyzer 110 passively monitors individual network circuits, usuallytesting from the bottom of the protocol stack upward. The protocolanalyzer 110 performs service layer testing by decoding traffic,measuring bit error rates, and providing historical data from thenetwork switches, routers, and other devices. A technician at thenetwork maintenance center 100 can remotely control the protocolanalyzer 110 via an X.25 or Ethernet control link 114 to perform fulland fractional T1 testing of frequency, level, logical errors, frameerrors, bipolar violations, CRC errors, density violations, slips, PRM,trouble scan, timeslot monitor and DDS code display.

The protocol analyzer 110 balances high performance and low cost.Typically, the protocol analyzer 110 may be implemented as one of threedifferent architectures: software-based, hardware/PC, and integratedhardware. The protocol analyzer 110 is capable of copying all frames onthe network regardless of their destination (this feature is known asoperating in a promiscuous mode) to truly peek into various network datacommunications.

An exemplary protocol analyzer used in this invention is aself-contained network-capture device coupled with a PC interface, inthe configurations of the present invention. For example, theHewlett-Packard Co.'s Internet Advisor, Network General Corp.'s ExpertSniffer, or Wandel & Goltermann Technologies Inc.'s DominoLAN 1.3analyzers may be used. The capture device consists of a specialized NIC111, or it can be a standalone analyzer pod connected to a host computerby serial, parallel, or network cable. With this type of analyzer, theECS 112 serves principally as a user interface for the capture hardware.The ECS 112 might decode frames stored in RAM, download capture files,or configure network-traffic generation. In any case, the analysishardware is fed information from the controlling ECS 112; nearly allanalysis functions are then performed independently by the analyzer 110hardware. Unlike software-based analyzers, performance is not affectedby the CPU of the ECS 112, which provides a user interface to theanalyzer 110.

If direct analysis reporting is desired by a technician at the networksite, then an integrated analyzer set, in which the capture hardware anda PC platform are tightly integrated in one box, may be used. Thisarchitecture is similar to that of the hardware/PC combination: The PCcomponent provides a user interface for the hardware-capture component.With the integrated approach, the analyzer set 110 comprises acombination of processor, memory, platform, and NIC.

The protocol analyzer 110 performs three essential functions:monitoring, capturing/decoding, and traffic generation. The monitorfunction is central to the present invention, observing—but notnecessarily capturing—network data traffic. From this raw data, framerate, network utilization, and protocol conformance and distribution arecalculated and reported back to the technician. These results can bedisplayed as skylines, pie charts, or histograms for the technician. Themonitoring function is capable of delivering an accurate traffic count.Capturing and decoding is another function of the protocol analyzer set110. The protocol analyzer set 110 is capable of accurately translatingbit-filled packets, and copying frames—or portions of frames—into memorybuffers, from which a technician can interpret the logical exchangestaking place in the network. Capturing/decoding is most often used todebug logical problems between communicating stations rather than theentire physical network. A technician can decide whether or not tocapture frames during a monitoring session. In order to avoid theprotocol analyzer buffer from overflowing, filters or slicing optionsmay be incorporated in the protocol analyzer 110. These filters ensurecopying only important data to the protocol analyzer, and unimportantframe types are ignored. On the other hand, slicing options copy justthe frame headers, where the most important information is located, tothe protocol analyzer 110.

The protocol analyzer 110 can function as a repeater by notparticipating in any circuit activities and simply relocking theelectrical signal back on to the network. The protocol analyzer 110reports to the technician at the network maintenance center 100 signalsample as captured by the logic analyzer, the phase/event history, andthe data transferred within the signal sample.

IV. External Command Source

In the present invention, a data network technician may only execute alimited number of commands. More particularly, the data techniciantransmits specific commands to control the interface device and performaccess, monitor-only, and test (where authorized) on the embeddedchannels of a DS3 or DS1 signal. Exemplary commands, their function, andthe monitored or reported channel characteristics (where applicable) aredescribed below.

ACT-USER (Activate User)

This command starts a user session with the Integrated Test Access Unit(ITAU). “Activate User” is equivalent to “logging on” to the system. Thelogon can be terminated using the CANC-USER command. This command canonly be used via an ITAU which is not configured for automatic logout.

CANC-USER (Cancel User)

This command terminates a second user session with the ITAU while stilllogged on as another user. “Cancel User,” in this case, is equivalent to“logging off” the secondary user from the system. This secondary logoncan be initiated using the ACT-USER command. This command can only beused via an ITAU machine port.

CONN-TACC-T1 (Connect Test Access for T1 Circuit)

This command provides information required to process an access to theT1 circuit under test. Either a monitor access or a split access may berequested. The monitor access to the circuit under test is hitless. Thepresence of a signal is measured on the indicated input pair. The signalpresence detector indicates presence of a signal if the average minimumpulse density ratio of ones to zeros is greater than 1:15.

CHG-ACCMD-T1 (Change Access Mode T1 Circuit Under Test)

This command changes the access mode for the circuit under test. In caseof non-restricted access, either a monitor access or a split access maybe requested. The presence of a signal is measure on the indicated inputpair. The signal presence detector indicates presence of a signal if theaverage minimum pulse density ration of ones to zeros is greater than1:15. CONN-TACC-T1 is a prerequisite for this command.

DISC-TACC (Disconnect Test Access)

This command releases access, returns the circuit to its normal state,and frees up the ITAU. This command successfully executes if a CONN-TACCcommand was previously executed. If a monitor/talk line was establishedfor this access, it will be released as part of the execution of thiscommand. (Note: active latching loopbacks will not be released part ofthis command).

MON-DDS (Monitor Digital Data Signal)

This command requests the determination of whether network control codesor customer data are present. Also, this command causes the retrieval of1-byte or multiple-byte (up to 50) samples from the circuit under test.Errors in the DS1 and DS0B framing patterns may be counted. The countingstarts after the frame is found. DISC-MEAS command may be used toprematurely stop this command and REPT-RESLT command may be used toprovide intermediate results. This command executes with the circuit inany access state and execution of the command does not change the accessstate. CONN-TACC-T0y is a prerequisite for this command.

The parameters and their allowable values/limits are as follows:

<tsn> 1 to 999 (required) <ctag> null, or up to 6 user-definedalphanumeric characters (begins with alpha-character) (optional)(Exception: Numeric only is also allowed) <dir> E, F or B (required><mos> M. S, ARM, SSM, MCM, or (S-1 to S-50) (required) <nob> 1 to 50(optional) (this parameter is used only when the value for parameter<mos> = S-x) <dur> MMMM-SS (required) where MMMM = 0 to 9999   SS = 0 to60 <ri> 2 to 999 or S (optional)MON-SIG-HCDS (Monitor and Characterize HCDS Signal)

This command provides non-intrusive HCDS signal characterization forspecial services circuits. It may be used in a bridging or monitoringconfiguration, as well as full split or looped access in the E or Fdirection.

The prerequisite for this command is the CONN-TACC-T1 command, and thecommand is discontinued using the DISC-MEAS or DISC-TACC commands.Intermediate results are always returned according to the value of theReporting Interval (ri).

MON-SIG-T3 (Monitor and Characterize T3 Signal)

This command provides non-intrusive T HCDS signal characterization forspecial services circuits. It may be used in bridging or monitoringconfiguration, as well as full split access in the E or F direction.

The prerequisite for this command is the CONN-TACC-T3 command, and thecommand is discontinued using the DISC-MEAS or DISC-TACC commands.Intermediate results are always returned according to the value of theReporting Interval (ri).

A typical general response format displayed at the ESC 112 for thetechnician is as follows:

cr lf SIGNAL = { DS1 [C] } cr lf CODE** = { AMI  B8ZS  UNKNOWN UNSUPPORTED } cr lf FORMAT = { ESF SF T1D DLC UNKNOWN } cr lf DENSITY**= { { 0 <i>} UNKNOWN  NA } cr lf BPV** = { { 0 <i>} UNKNOWN  NA } cr lfCRCV = { { 0 <i>} UNKNOWN  NA } cr lf PATTERN = { QRS 550CTET 3IN24 <24BitPattern> NONE} cr lf OOF = { { 0 <i>} UNKNOWN NA } cr lf COFA = { { 0<i>} UNKNOWN NA } cr lf ALARM = { RED YELLOW AIS NONE  NA } cr lfFBITERR = { { 0 <i>}  NA } CR LF 16ZEROS = { { 0 <i>}  NA } cr lf 8ZEROS= { { 0 <i>} NA } cr lf SYNFAIL = { YES  NO } **Note: High-SpeedSubSystem is not supported.

The parameters and their allowable values/limits are as follows:

<tsn> 1 to 999 (required) <ctag> null, or up to 6 user-definedalphanumeric characters (begin with alpha-character) (optional)(Exception: Numeric only is also allowed) <dir> E, F or B* (defaults tothe access direction specified in the most recent CONN-TACC orCHG-ACCMODE) (optional) <interval> 1 to 999 (default = 10) (optional)RTRV-HDR (Retrieve Message Header)

This command instructs the ITAU to retrieve and display the data itemsthat it places on its standard TL1 output header. These items are theITAU's SID code, the current date and current time.

V. Method Of Operation

Referring to FIG. 5, the protocol analysis access system (PAAS) utilizesa process 250 for test connection command processing to initiate a testaccess. This process determines if the access mode is for a monitor-onlymode access, and if so, allows monitoring of individual circuits overnetwork through a digital cross-connect system (DCS) or directly.

Beginning at a start state 252, the process 250 moves to state 254wherein the ECS 112 (FIGS. 2,3) sends a test connection command to thecommunication processor 194 (FIG. 8) over the X.25 communicationinterface 196′. The communication processor 194 sends the receivedcommand to the administration processor 190 for command verification. Asshown at state 256, the test connection commands include a command fortesting DS1 channels (conn-tacc-t1) and a command for testing DS0channels (conn-tacc-t0x). Continuing at a decision state 258, process250 determines whether the access mode is for PAAS (i.e. monitor-only orrestricted access). The access mode command selection is performed byuse of the ECS 112, and is described in conjunction with FIG. 6. Ifnon-PAAS access is requested, process 250 completes at state 260 andreturns to allow non-PAAS access processing, such as intrusive testingor monitoring on authorized circuit network(s) only.

If however, the process determines that a PAAS mode access is requested,as determined at decision state 258, process 250 continues at state 262wherein the access data, including the access mode (PAAS), a testsequence number (TSN), and a selected test communication channel, arestored. The TSN is preferably a number between one and 999 thatidentifies a particular test sequence or session. Proceeding to adecision state 264, process 250 determines whether the connection testaccess command is for a circuit that is accessible through the TSC/RTU170′ (FIG. 2) or through the ITAU 170 (FIG. 3).

If it is determined that access is by the TSC/RTU 170′, process 250initiates a monitor access with the digital DCS 118 (FIG. 2). Moving tostate 266, process 250 retrieves data about the DCS 118 from a networkelement database (not shown). This database includes information aboutthe network elements in the system, such as the DCSs, and includesinformation such as make and model of the element, connected ports,signal level, e.g., DS1, and so forth. Note that states 258, 262, 264and 266 are performed by the administration processor 190. Advancing tostate 268, the communication processor 194 (FIG. 8) exchanges messageswith the administration processor 190 to communicate with the DCS 118.At state 270, a monitor connection command, e.g., “ttst mon to” or“conn-tacc”, is sent to the DCS 118 by the communication processor 194,and the subsequent DCS response is processed by process 250.

At the completion of state 270 or if is determined at decision state 264that the signal access is through an ITAU 170, process 250 moves tostate 272. At state 272, the administration processor 190 sends messagesto the DS1 Access and Test module 184′ or the DS0 Access and Test module186 for controlling access within the interface device (TSC/RTU 170′ orITAU 170). Continuing at state 274, the interface device performs adesired operation or function, e.g., monitor, and preferably returns theresults of the operation to the network maintenance center 100 (FIGS.2,3). In another embodiment, the operation is initiated by a technicianat a location of the interface device and the results of the operationare returned for display to the technician.

Proceeding to state 276, a technician or operator at the networkmaintenance center 100 requests setup of the signal path for testing bythe protocol analyzer 110 (FIGS. 2,3). Moving to state 278, process 250routes the signal under test in the interface device to its TAD/FAD port188′ to the protocol analyzer 110 (FIGS. 2,3). At this point in time,the signal is ready to be tested by the protocol analyzer 110.Proceeding to state 280, a technician at the network maintenance center100, using the ECS 112, commands the protocol analyzer 110 via thecontrol link 117 to test the signal (from state 278). Moving to state282, the protocol analyzer 110 preferably transmits test results back tothe technician at the network maintenance center 100 via the data link114. In another embodiment, the test results are transmitted to thenetwork maintenance center 100 for processing by an analysis program andthe results are provided to the technician or other support personnel.In yet another embodiment, the protocol analyzer 110 performs ananalysis of the test results and transmits the analysis results back tothe network maintenance center 100. Connection processing process 250completes at state 284.

Referring to FIG. 6, the PAAS system utilizes a process 290 for accessaltering command processing to process the test access, e.g., change theaccess mode or disconnect a test access. This process determine a typeof access and returns in one of three conditions.

Beginning at a start state 292, the process 290 moves to state 294wherein the ECS 112 (FIGS. 2,3) sends a access mode command to thecommunication processor 194 (FIG. 8) over the X.25 or Ethernetcommunication interface 196′. The communication processor 194 sends thereceived command to the administration processor 190 for commandverification. As shown at state 296, the access mode commands include acommand for changing the access mode (chg-accmd) and disconnecting thetest access (disc-tacc). If the command is “disc-tacc”, theadministration processor 190 releases the circuit under test back to theDCS 118 (in case of access through a DCS), and the process 290 completesthe access altering processing at state 308.

Proceeding to state 298, process 290 looks up the access data based onthe test sequence number (TSN) and the test communication channel. Thisdata was previously stored by execution of state 262 (FIG. 5). Moving toa decision state 300, process 290 determines whether the access mode isfor a PAAS access (i.e. monitor-only or restricted access). The changeaccess mode command sets the type of access mode. If non-PAAS access isrequested, process 290 completes at state 302 and returns to allownon-PAAS access processing, such as intrusive testing or monitoring onauthorized circuit network(s) only.

If however, process 290 determines that a PAAS mode access is requested,as determined at decision state 300, process 290 continues at state 304wherein a determination is made whether the PAAS access is in anintrusive mode. If so, process 290 moves to state 306, rejects theintrusive PAAS access request, and completes execution. Theadministration processor 190 preferably generates a user message“Invalid Access Mode Specification” and an error code “SABT” signifyingStatus Aborted. However, if it is determined at decision state 304 thatthe access mode is non-intrusive, process 290 completes the accessaltering processing at state 308 and returns to allow PAAS accessprocessing, such as testing or analysis by the protocol analyzer 110(FIGS. 2,3). Note that states 298, 300 and 304 are performed by theadministration processor 190.

1. A system for testing at least one communication link, the systemcomprising: a test unit configured to perform testing of data in thecommunication link; an interface device in communication with the testunit, the interface device configured to access data from thecommunication link; and a controller, located remotely from theinterface device, the controller being configured to communicate atleast one command to the test unit via a data communications network,wherein the command is indicative of at least an instruction to the testunit to test at least one circuit of the communication link, and whereinthe controller is configured to permit access to the circuit by apredetermined group of users.
 2. The system of claim 1, wherein the testunit comprises at least one of a remote test unit (RTU) and a protocolanalyzer.
 3. The system of claim 1, wherein the interface device isconfigured to access at least one of a DS1, DS3, T1, and T3 signals of apublic switched telephone network (PSTN).
 4. The system of claim 3,wherein the interface device is configured to access the communicationlink directly or via a cross-connect switch.
 5. The system of claim 1,wherein the test unit is configured to perform testing of at least oneof a physical characteristic and a logical characteristic of thecommunication link.
 6. The system of claim 5, wherein the test unitcomprises at least one of a protocol analyzer and a physical circuittest unit.
 7. The system of claim 1, wherein the controller isconfigured to communicate at least one command via at least one of thepublic Internet, a private data communications network, a local areanetwork (LAN), a wide area network (WAN), and a dedicated communicationlink.
 8. The system of claim 1, wherein the interface device comprises atest unit providing access through one of a plurality of digitalcross-connect system.
 9. The system of claim 1, wherein the interfacedevice comprises an integrated test access unit capable of providingtest access through directly connected circuits.
 10. The system of claim1, wherein the interface device comprises test unit providing access toa channel embedded in the signal through one of a plurality of digitalcross-connect system.
 11. The system of claim 1, wherein the commandcomprises at least one TL1 command.
 12. A system for testing at leastone communication circuit, the system comprising: an interface deviceconfigured to access data from a communication circuit; a controllerconfigured to communicate at least one command to the test unit via adata communications network, wherein the command is indicative of atleast an instruction to access the communication circuit; and a moduleconfigured to permit access to at least one user provided that the useris in a allowable group of users and further configured to reject atleast one user when the user is absent from the allowable group ofusers.
 13. The system of claim 12, wherein the interface devicecomprises a test unit providing access to a channel embedded in thecircuit through one of a plurality of digital cross-connect systems. 14.The system of claim 12, wherein the controller is configured to access adatabase of network elements.
 15. The system of claim 12, wherein thecontroller comprises a computer.
 16. The system of claim 12, wherein thecontroller is separated physically from the location of the interfacedevice by at least one communications network.
 17. A system for testingat least one communication circuit, the system comprising: a test unitcomprising at least one port, wherein the test unit is configured toaccess data from the communication circuit through the at least oneport, and the at least one port being selected in accordance with thebandwidth of the circuit being tested; and a controller configured tocommunicate at least one command to the test unit via the datacommunications network, wherein the command is indicative of at least aninstruction to the test unit to access data from the communicationcircuit.
 18. The system of claim 17, further comprising: a protocolanalyzer configured to perform logical testing of data transmissions inthe communication circuit; the test unit in communication with theprotocol analyzer; and wherein the controller is further configured tocommunicate at least one command to the protocol analyzer via a datacommunications network, the command being indicative of at least aninstruction to the protocol analyzer to test the communication circuit.19. The system of claim 17, wherein the controller is physicallyseparated from the test unit by at least the data communicationsnetwork.
 20. The system of claim 17, wherein the controller comprises acomputer.
 21. The system of claim 17, wherein the controller isconfigured to control a plurality of test units.
 22. The system of claim17, wherein the controller is configured to selectively communicate acommand to the test unit based on preselected criteria.
 23. The systemof claim 22, wherein the preselected criteria comprises a useridentification.
 24. The system of claim 17, wherein the circuitcomprises a DS0 circuit.
 25. The system of claim 17, wherein the circuitcomprises a DS1 circuit.
 26. The system of claim 17, wherein the circuitcomprises a DS3 circuit.
 27. The system of claim 17, wherein the portcomprises a Facility Access Digroup (FAD) port for wideband testing. 28.The system of claim 17, wherein the port comprises a Facility AccessDigroup (FAD) port configured for narrowband testing.
 29. The system ofclaim 17, wherein the port comprises a Test Access Digroup (TAD) portconfigured for narrowband testing.
 30. The system of claim 17, whereinthe test unit comprises at least a second port, the second port beingselected in accordance with the bandwidth of a second circuit beingtested.
 31. The system of claim 30, wherein the circuit comprises a DS0circuit.
 32. The system of claim 30, wherein the circuit comprises a DS1circuit.
 33. The system of claim 30, wherein the circuit comprises a DS3circuit.
 34. The system of claim 30, wherein the second port comprises aFacility Access Digroup (FAD) port configured for wideband testing. 35.The system of claim 30, wherein the second port comprises a FacilityAccess Digroup (FAD) port configured for narrowband testing.
 36. Thesystem of claim 30, wherein the second port comprises a Test AccessDigroup (TAD) port configured for narrowband testing.
 37. The system ofclaim 30, wherein the data communications network comprises a TCP/IPnetwork.
 38. The system of claim 37, wherein the TCP/IP networkcomprises the Internet.
 39. The system of claim 17, wherein the datacommunications network comprises a X.25 network.
 40. The system of claim17, wherein the data communications network comprises an RS-232interface.
 41. The system of claim 40, wherein the RS-232 interface iscoupled to a telephone line modem.
 42. The system of claim 17, whereinthe data communications network comprises an Ethernet link.
 43. A methodof testing at least one communication circuit, the method comprising:identifying a user to determine whether the user is authorized toperform the command to access the circuit; denying access to the circuitto the user if not authorized; selecting at least one port of aninterface device for accessing data in a communications circuit inaccordance with the bandwidth of the circuit being tested; accessingdata from a communication circuit through the selected port of theinterface device; and communicating at least one command from acontroller to a test unit via a data communications network, wherein thecommand is indicative of at least an instruction to the test unit totest at least one circuit of the communication link.
 44. The method ofclaim 43, further comprising performing logical testing of datatransmissions in the communication circuit.
 45. The method of claim 43,wherein selecting at least one port includes designating a first portfor testing a DS0 circuit.
 46. The method of claim 45, furthercomprising designating a second port for testing a DS3 circuit.
 47. Themethod of claim 43, further comprising testing the data in thecommunications link using the test unit.
 48. The method of claim 43,wherein the data communications network comprises a TCP/IP network.